logo
DATABASE RESOURCES PRICING ABOUT US

linux-4.9 - security update

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. * [CVE-2019-2182](https://security-tracker.debian.org/tracker/CVE-2019-2182) Hanjun Guo and Lei Li reported a race condition in the arm64 virtual memory management code, which could lead to an information disclosure, denial of service (crash), or possibly privilege escalation. * [CVE-2019-5108](https://security-tracker.debian.org/tracker/CVE-2019-5108) Mitchell Frank of Cisco discovered that when the IEEE 802.11 (WiFi) stack was used in AP mode with roaming, it would trigger roaming for a newly associated station before the station was authenticated. An attacker within range of the AP could use this to cause a denial of service, either by filling up a switching table or by redirecting traffic away from other stations. * [CVE-2019-19319](https://security-tracker.debian.org/tracker/CVE-2019-19319) Jungyeon discovered that a crafted filesystem can cause the ext4 implementation to deallocate or reallocate journal blocks. A user permitted to mount filesystems could use this to cause a denial of service (crash), or possibly for privilege escalation. * [CVE-2019-19462](https://security-tracker.debian.org/tracker/CVE-2019-19462) The syzbot tool found a missing error check in the relay library used to implement various files under debugfs. A local user permitted to access debugfs could use this to cause a denial of service (crash) or possibly for privilege escalation. * [CVE-2019-19768](https://security-tracker.debian.org/tracker/CVE-2019-19768) Tristan Madani reported a race condition in the blktrace debug facility that could result in a use-after-free. A local user able to trigger removal of block devices could possibly use this to cause a denial of service (crash) or for privilege escalation. * [CVE-2019-20806](https://security-tracker.debian.org/tracker/CVE-2019-20806) A potential null pointer dereference was discovered in the tw5864 media driver. The security impact of this is unclear. * [CVE-2019-20811](https://security-tracker.debian.org/tracker/CVE-2019-20811) The Hulk Robot tool found a reference-counting bug in an error path in the network subsystem. The security impact of this is unclear. * [CVE-2020-0543](https://security-tracker.debian.org/tracker/CVE-2020-0543) Researchers at VU Amsterdam discovered that on some Intel CPUs supporting the RDRAND and RDSEED instructions, part of a random value generated by these instructions may be used in a later speculative execution on any core of the same physical CPU. Depending on how these instructions are used by applications, a local user or VM guest could use this to obtain sensitive information such as cryptographic keys from other users or VMs. This vulnerability can be mitigated by a microcode update, either as part of system firmware (BIOS) or through the intel-microcode package in Debian's non-free archive section. This kernel update only provides reporting of the vulnerability and the option to disable the mitigation if it is not needed. * [CVE-2020-2732](https://security-tracker.debian.org/tracker/CVE-2020-2732) Paulo Bonzini discovered that the KVM implementation for Intel processors did not properly handle instruction emulation for L2 guests when nested virtualization is enabled. This could allow an L2 guest to cause privilege escalation, denial of service, or information leaks in the L1 guest. * [CVE-2020-8428](https://security-tracker.debian.org/tracker/CVE-2020-8428) Al Viro discovered a potential use-after-free in the filesystem core (vfs). A local user could exploit this to cause a denial of service (crash) or possibly to obtain sensitive information from the kernel. * [CVE-2020-8647](https://security-tracker.debian.org/tracker/CVE-2020-8647), [CVE-2020-8649](https://security-tracker.debian.org/tracker/CVE-2020-8649) The Hulk Robot tool found a potential MMIO out-of-bounds access in the vgacon driver. A local user permitted to access a virtual terminal (/dev/tty1 etc.) on a system using the vgacon driver could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. * [CVE-2020-8648](https://security-tracker.debian.org/tracker/CVE-2020-8648) The syzbot tool found a race condition in the the virtual terminal driver, which could result in a use-after-free. A local user permitted to access a virtual terminal could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. * [CVE-2020-9383](https://security-tracker.debian.org/tracker/CVE-2020-9383) Jordy Zomer reported an incorrect range check in the floppy driver which could lead to a static out-of-bounds access. A local user permitted to access a floppy drive could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. * [CVE-2020-10711](https://security-tracker.debian.org/tracker/CVE-2020-10711) Matthew Sheets reported NULL pointer dereference issues in the SELinux subsystem while receiving CIPSO packet with null category. A remote attacker can take advantage of this flaw to cause a denial of service (crash). Note that this issue does not affect the binary packages distributed in Debian as CONFIG\_NETLABEL is not enabled. * [CVE-2020-10732](https://security-tracker.debian.org/tracker/CVE-2020-10732) An information leak of kernel private memory to userspace was found in the kernel's implementation of core dumping userspace processes. * [CVE-2020-10751](https://security-tracker.debian.org/tracker/CVE-2020-10751) Dmitry Vyukov reported that the SELinux subsystem did not properly handle validating multiple messages, which could allow a privileged attacker to bypass SELinux netlink restrictions. * [CVE-2020-10757](https://security-tracker.debian.org/tracker/CVE-2020-10757) Fan Yang reported a flaw in the way mremap handled DAX hugepages, allowing a local user to escalate their privileges * [CVE-2020-10942](https://security-tracker.debian.org/tracker/CVE-2020-10942) It was discovered that the vhost\_net driver did not properly validate the type of sockets set as back-ends. A local user permitted to access /dev/vhost-net could use this to cause a stack corruption via crafted system calls, resulting in denial of service (crash) or possibly privilege escalation. * [CVE-2020-11494](https://security-tracker.debian.org/tracker/CVE-2020-11494) It was discovered that the slcan (serial line CAN) network driver did not fully initialise CAN headers for received packets, resulting in an information leak from the kernel to user-space or over the CAN network. * [CVE-2020-11565](https://security-tracker.debian.org/tracker/CVE-2020-11565) Entropy Moe reported that the shared memory filesystem (tmpfs) did not correctly handle an mpol mount option specifying an empty node list, leading to a stack-based out-of-bounds write. If user namespaces are enabled, a local user could use this to cause a denial of service (crash) or possibly for privilege escalation. * [CVE-2020-11608](https://security-tracker.debian.org/tracker/CVE-2020-11608), [CVE-2020-11609](https://security-tracker.debian.org/tracker/CVE-2020-11609), [CVE-2020-11668](https://security-tracker.debian.org/tracker/CVE-2020-11668) It was discovered that the ov519, stv06xx, and xirlink\_cit media drivers did not properly validate USB device descriptors. A physically present user with a specially constructed USB device could use this to cause a denial-of-service (crash) or possibly for privilege escalation. * [CVE-2020-12114](https://security-tracker.debian.org/tracker/CVE-2020-12114) Piotr Krysiuk discovered a race condition between the umount and pivot\_root operations in the filesystem core (vfs). A local user with the CAP\_SYS\_ADMIN capability in any user namespace could use this to cause a denial of service (crash). * [CVE-2020-12464](https://security-tracker.debian.org/tracker/CVE-2020-12464) Kyungtae Kim reported a race condition in the USB core that can result in a use-after-free. It is not clear how this can be exploited, but it could result in a denial of service (crash or memory corruption) or privilege escalation. * [CVE-2020-12652](https://security-tracker.debian.org/tracker/CVE-2020-12652) Tom Hatskevich reported a bug in the mptfusion storage drivers. An ioctl handler fetched a parameter from user memory twice, creating a race condition which could result in incorrect locking of internal data structures. A local user permitted to access /dev/mptctl could use this to cause a denial of service (crash or memory corruption) or for privilege escalation. * [CVE-2020-12653](https://security-tracker.debian.org/tracker/CVE-2020-12653) It was discovered that the mwifiex WiFi driver did not sufficiently validate scan requests, resulting a potential heap buffer overflow. A local user with CAP\_NET\_ADMIN capability could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. * [CVE-2020-12654](https://security-tracker.debian.org/tracker/CVE-2020-12654) It was discovered that the mwifiex WiFi driver did not sufficiently validate WMM parameters received from an access point (AP), resulting a potential heap buffer overflow. A malicious AP could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system. * [CVE-2020-12770](https://security-tracker.debian.org/tracker/CVE-2020-12770) It was discovered that the sg (SCSI generic) driver did not correctly release internal resources in a particular error case. A local user permitted to access an sg device could possibly use this to cause a denial of service (resource exhaustion). * [CVE-2020-13143](https://security-tracker.debian.org/tracker/CVE-2020-13143) Kyungtae Kim reported a potential heap out-of-bounds write in the USB gadget subsystem. A local user permitted to write to the gadget configuration filesystem could use this to cause a denial of service (crash or memory corruption) or potentially for privilege escalation. For Debian 8 Jessie, these problems have been fixed in version 4.9.210-1+deb9u1~deb8u1. This version also fixes some related bugs that do not have their own CVE IDs, and a regression in the macvlan driver introduced in the previous security update ([bug #952660](https://bugs.debian.org/952660)). We recommend that you upgrade your linux-4.9 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: <https://wiki.debian.org/LTS>


Affected Software


CPE Name Name Version
linux-4.9 4.9.110-1~deb8u1
linux-4.9 4.9.144-3.1~deb8u1
linux-4.9 4.9.168-1~deb8u1
linux-4.9 4.9.189-3~deb8u1
linux-4.9 4.9.210-1~deb8u1

Related